We introduce a two-player contest for evaluating the safety and robustness of
machine learning systems, with a large prize pool. Unlike most prior work in ML
robustness, which studies norm-constrained adversaries, we shift our focus to
unconstrained adversaries. Defenders submit machine learning models, and try to
achieve high accuracy and coverage on non-adversarial data while making no
confident mistakes on adversarial inputs. Attackers try to subvert defenses by
finding arbitrary unambiguous inputs where the model assigns an incorrect label
with high confidence. We propose a simple unambiguous dataset ("bird-or-
bicycle") to use as part of this contest. We hope this contest will help to
more comprehensively evaluate the worst-case adversarial risk of machine
learning models.

本研究引入了一个两人对弈的竞赛，用于评估机器学习系统的安全性和鲁棒性，针对非范数约束的对手进行研究。 防御方提交机器学习模型，试图在非对手数据上实现高准确性和覆盖率，并在对抗性输入上没有自信错误。 攻击者试图通过寻找任意的明确输入，在其高置信度下将错误标签分配给模型来破坏防御。 我们提出了一个简单的明确数据集（“鸟或自行车”）作为本竞赛的一部分。 我们希望这个竞赛能够帮助更全面地评估机器学习模型的最坏对抗风险。